<?php
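// Harden the session cookie before the session starts: HttpOnly keeps the
// session id out of reach of page scripts, and use_only_cookies stops PHP from
// accepting a session id passed in the URL.
// NOTE(review): also set session.cookie_secure once the site is served only
// over HTTPS; it is left off here because the transport is not visible from
// this file.
ini_set('session.cookie_httponly', '1');
ini_set('session.use_only_cookies', '1');
session_start();

// Database connection settings used by every action below.
// NOTE(review): these credentials are committed in the source file. Anyone who
// can read the repository, a backup, or a server that misconfigures PHP and
// serves the file as text obtains database access. Load them from
// configuration kept outside the web root (or from the environment), rotate
// the password, and give this account only the privileges the tagger tables
// need.
$DB_USER="mxdb";
$DB_PASS="tagger";
$DB_HOST="localhost";
$DB_NAME="mxdb";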

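// Read the requested action defensively: a missing key or an array value
// (action[]=x) is treated as "no action" instead of raising a notice, which
// could otherwise be emitted before the header() calls below.
$post_action = (isset($_POST['action']) && is_string($_POST['action'])) ? $_POST['action'] : '';
$get_action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';

if ($post_action === "login") {
	// NOTE(review): AUTHENTICATION IS DISABLED. The credential check below is
	// commented out, so any POST with action=login is signed in as user id 1
	// ('MageX') regardless of the submitted username and password. Do not
	// expose this script beyond a trusted development host in this state.
	//
	// Before re-enabling the check, do not restore it as written: it places
	// $_POST values directly into the SQL string (SQL injection), compares the
	// password in plaintext, and returns mysql_error() to the client. Escape or
	// bind the inputs, store passwords with password_hash() and check them
	// with password_verify(), and log database errors server-side. It also
	// writes USER_ID / USERNAME, while the rest of the script reads
	// MX_USERNAME.
	/*
	$query = "SELECT id, user FROM tagger_user WHERE user = '$_POST[user]' AND pass= '$_POST[pass]'";
	$link = mysql_connect($DB_HOST, $DB_USER, $DB_PASS);
	mysql_select_db($DB_NAME, $link);
	$selection = mysql_query($query, $link);
	if (!$selection)
		die('<result type="failure">Invalid query: ' . mysql_error() . '</result>');
	echo "<result>";
	if (mysql_num_rows($selection) != 1) {
		session_destroy();
		die('<result type="failure">Invalid username/password</result>');
	}
	$row = mysql_fetch_row($selection);
	$_SESSION['USER_ID'] = $row[0];
	$_SESSION['USERNAME'] = $row[1];
	*/

	// Issue a fresh session id at the privilege change so an id that was
	// planted or observed before login is not carried into the logged-in
	// session (session fixation).
	session_regenerate_id(true);
	$_SESSION['MX_USER_ID'] = 1;
	$_SESSION['MX_USERNAME'] = 'MageX';
	header("Content-type: text/xml");
	echo ('<result>' . $_SESSION['MX_USERNAME'] . ' successfully logged in with ' . $_SESSION['MX_USER_ID'] . ' id</result>');
	exit();
} else if ($get_action === "logout") {
	// Clear the in-memory session data as well as the stored session, so
	// nothing later in this request can still read the old identity.
	$_SESSION = array();
	session_destroy();
	header("Content-type: text/xml");
	echo ('<result>Logout successful</result>');
	exit();
}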
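/**
 * Read a query-string parameter as a string.
 *
 * @param string $key Name of the $_GET entry.
 * @return string|null The value, or null when the key is absent or is not a
 *                     string (for example key[]=x, which PHP parses as an array).
 */
function tagger_param($key)
{
	return (isset($_GET[$key]) && is_string($_GET[$key])) ? $_GET[$key] : null;
}

/**
 * Escape a value for use inside a double- or single-quoted XML attribute.
 *
 * @param mixed $value Value to emit; cast to string first.
 * @return string The value with &, <, >, " and ' replaced by entities.
 */
function tagger_xml_attr($value)
{
	return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

/**
 * Emit a failure <result> element and stop the script.
 *
 * @param string $message Text for the message attribute; escaped here.
 * @return void Does not return: die() ends the request.
 */
function tagger_fail($message)
{
	die('<result success="false" message="' . tagger_xml_attr($message) . '" />');
}

/**
 * Open the MySQL connection and select the database.
 *
 * Connection errors are written to the server log and the client only sees a
 * generic message, so host names and account details are not disclosed.
 *
 * NOTE(review): the mysql_* extension used throughout this file was removed in
 * PHP 7. When the script is migrated, move to mysqli or PDO with prepared
 * statements instead of escaped string concatenation.
 *
 * @return resource The link identifier returned by mysql_connect().
 */
function tagger_connect($host, $user, $pass, $name)
{
	$link = mysql_connect($host, $user, $pass);
	if (!$link || !mysql_select_db($name, $link)) {
		error_log('tagger: database connection failed: ' . mysql_error());
		tagger_fail('Database unavailable');
	}
	return $link;
}

/**
 * Run a query, failing the request with a generic message on error.
 *
 * The MySQL error text and the SQL itself go to the server log only; returning
 * them to the client tells a caller how the statement is built.
 *
 * @param string   $sql  Statement to execute; every value in it must already
 *                       be escaped or cast by the caller.
 * @param resource $link Link identifier from tagger_connect().
 * @return mixed Whatever mysql_query() returned on success.
 */
function tagger_query($sql, $link)
{
	$result = mysql_query($sql, $link);
	if (!$result) {
		error_log('tagger: query failed: ' . mysql_error($link));
		tagger_fail('Invalid query');
	}
	return $result;
}

// NOTE(review): create and update change data in response to GET requests and
// carry no anti-CSRF token, so a page on another site can trigger them in a
// logged-in user's browser. Move them to POST and require a per-session token.
$action = tagger_param('action');

if (!isset($_SESSION['MX_USERNAME'])) {
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">
<html>
<head>
	<title>Tagger Login</title>
</head>
<body>
<form method="POST">
	<input type="hidden" name="action" value="login" />
	Username: <input type="text" name="user" /><br/>
	Password: <input type="password" name="pass" /><br/>
	<input type="submit" value="Login" />
</form>
</body>
</html>
<?php
} else if ($action === "create") {
	header("Content-type: text/xml");
	// Connect first: mysql_real_escape_string() escapes according to the
	// connection's character set. If that charset is ever changed, do it with
	// mysql_set_charset() rather than a "SET NAMES" query, or the escaping
	// and the server can disagree about multi-byte characters.
	$link = tagger_connect($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);

	// The login action stores the id under MX_USER_ID; the old USER_ID key
	// was never set, which left the owner empty and broke the INSERT. The
	// cast guarantees a number is what reaches the SQL text.
	$owner = isset($_SESSION['MX_USER_ID']) ? (int) $_SESSION['MX_USER_ID'] : 0;
	$type = (string) tagger_param('type');
	$tags = "inbox";
	$visibility = "public";
	$title = "New " . $type;

	// $type is caller-controlled and appears in both statements (and inside
	// $title), so it is escaped before being quoted into SQL.
	$type_sql = mysql_real_escape_string($type, $link);
	$title_sql = mysql_real_escape_string($title, $link);

	// A new entity is only allowed for a type that already exists in the table.
	$selection = tagger_query("select * from tagger_entity where type='" . $type_sql . "'", $link);
	if (mysql_num_rows($selection) < 1)
		tagger_fail('Invalid entity type');

	$query = "INSERT INTO tagger_entity (owner, type, tags, visibility, title) VALUES (" . $owner . ", '" . $type_sql . "', '" . $tags . "', '" . $visibility . "', '" . $title_sql . "')";
	tagger_query($query, $link);
	$created_id = mysql_insert_id($link);
	echo '<result success="true" id="' . $created_id . '" />';
	exit();
} else if ($action === "update") {
	header("Content-type: text/xml");
	// The id is used unquoted in SQL, so it is forced to an integer; anything
	// non-numeric becomes 0 and is rejected by the existence check below.
	$id = (int) tagger_param('id');
	$name = (string) tagger_param('name');
	$value = (string) tagger_param('value');

	if ($name === "")
		tagger_fail('Null name');

	$link = tagger_connect($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);

	// NOTE(review): this only checks that the entity exists, not that the
	// logged-in user owns it, so any authenticated user can attach metadata
	// to any entity. Confirm whether that is intended; if not, add the owner
	// to the WHERE clause.
	$selection = tagger_query("SELECT id FROM tagger_entity WHERE id=" . $id, $link);
	if (mysql_num_rows($selection) < 1) {
		tagger_fail('Invalid entity id number');
	}

	$query = "INSERT INTO tagger_meta (id, k, v) VALUES ($id, '" . mysql_real_escape_string($name, $link) . "', '" . mysql_real_escape_string($value, $link) . "')";
	tagger_query($query, $link);
	echo '<result success="true" />';
	exit();
} else if ($action === "query") {
	header("Content-type: text/xml");

	$link = tagger_connect($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);

	// Every filter value is escaped before it is quoted into the WHERE clause.
	// '%' and '_' in tags/title still act as LIKE wildcards, as before.
	$where = "type='" . mysql_real_escape_string((string) tagger_param('type'), $link) . "' AND ";
	$tags = tagger_param('tags');
	if ($tags !== null && $tags !== "")
		$where .= "tags like '%" . mysql_real_escape_string($tags, $link) . "%' AND ";
	$visibility = tagger_param('visibility');
	if ($visibility !== null && $visibility !== "")
		$where .= "visibility='" . mysql_real_escape_string($visibility, $link) . "' AND ";
	$title = tagger_param('title');
	if ($title !== null && $title !== "")
		$where .= "title like '%" . mysql_real_escape_string($title, $link) . "%' AND ";

	$query = "SELECT e.id, e.owner, e.created, e.type, e.tags, e.visibility, e.title, m.k as name, m.v as value, m.created as updated FROM tagger_entity e, tagger_meta m WHERE " . $where . " e.id = m.id GROUP BY id, owner, created, type, tags, visibility, title, name, value ORDER BY id, name, created DESC";

	$selection = tagger_query($query, $link);

	// The SQL text is no longer echoed back in a query="" attribute: it
	// exposed table and column names to every caller and, because it contains
	// quotes, produced malformed XML.
	echo '<result success="true">';

	// Rows arrive ordered by entity id, one row per (entity, meta) pair, so a
	// change of id marks the start of the next <entity> element.
	$cid = null;
	while ($row = mysql_fetch_row($selection)) {
		list($e_id, $e_owner, $e_created, $e_type, $e_tags, $e_visibility, $e_title, $m_name, $m_value, $m_updated) = $row;
		if ($cid === null || $e_id != $cid) {
			if ($cid !== null)
				echo '</entity>';
			// Stored values are escaped on output: titles, tags and meta
			// values originate from request parameters and may contain
			// quotes or markup that would otherwise alter the document.
			echo '<entity id="' . tagger_xml_attr($e_id) . '" owner="' . tagger_xml_attr($e_owner) . '" created="' . tagger_xml_attr($e_created) . '" type="' . tagger_xml_attr($e_type) . '" tags="' . tagger_xml_attr($e_tags) . '" visibility="' . tagger_xml_attr($e_visibility) . '" title="' . tagger_xml_attr($e_title) . '">';
			$cid = $e_id;
		}
		if ((string) $m_name !== "")
			echo '<meta name="' . tagger_xml_attr($m_name) . '" value="' . tagger_xml_attr($m_value) . '" updated="' . tagger_xml_attr($m_updated) . '" />';
	}
	if ($cid !== null)
		echo '</entity>';
	echo "</result>";
} else {
	// Same content type as the other responses; the closing tag previously
	// lacked its '>' and made the document malformed.
	header("Content-type: text/xml");
	die('<result type="failure">Invalid action</result>');
}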
?>
